In a post titled The Node.js Ecosystem Is Chaotic and Insecure, Casper Beyer cites trivial packages such as left-pad, is-odd and is-number as examples, and goes on to say that the way to be responsible with dependencies is…

…don’t trust package managers, every dependency is written by some random developer somewhere in the world and is a potential attack vector. … Is this being too paranoid? Perhaps, or maybe it’s the healthy amount considering the massive reach these trivial packages can have.

While the post focuses on Node.js, the lesson applies to any ecosystem where your code pulls in third-party dependencies.
